change response cache ttl (--enable-cache-ttl)

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Thu Aug 4 18:27:59 UTC 2016


"many client have caused a burst DNS traffic" is not much of a problem statement, honestly.

What does this patch add, of value, that isn't already covered by "max-cache-ttl"?

If you're trying to allow the operators of intermediate resolvers to override the intentions of the data owner, by enforcing a *minimum* TTL, then I have to say that's a really bad idea. The data owner sets their TTL for a reason, and if it's low, it's probably because the infrastructure is very dynamic. Forcing data to be kept past the data owner's TTL risks keeping "stale" data in the client, and this will likely have a negative impact on the user experience. It might even have security implications, because maybe that resource (e.g. IP address) isn't trusted any more. You don't want clients connecting to an untrusted resource, do you? Who would have legal or criminal liability, if that happened?

						- Kevin


-----Original Message-----
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of SUKMOON LEE
Sent: Thursday, August 04, 2016 7:25 AM
To: bind-users at lists.isc.org
Subject: change response cache ttl (--enable-cache-ttl)

Hello Sirs,

I am Sukmoon Lee, a software developer and network engineer in South Korea.

Recently, most clients (smart phones) have a local DNS cache.
The TTL in the cached DNS response determines the client's cache expiration time, so many clients have caused bursts of DNS traffic.
To address this issue, I made the following patches for ISC BIND 9.9.9-P2.

It was modified so as not to affect the original code as much as possible.
This function is working using '--enable-cache-ttl' option.
So cache DNS responses a stored cache TTL.

My question is wondering whether to require this function.
So, please check code that there are no problems.

Thank you.

Sukmoon Lee






diff -Nur bind-9.9.9-P2/bin/named/query.c bind-9.9.9-P2-ttl/bin/named/query.c
--- bind-9.9.9-P2/bin/named/query.c	2016-07-14 08:54:33.000000000 +0900
+++ bind-9.9.9-P2-ttl/bin/named/query.c	2016-07-27 11:05:46.414020726 +0900
@@ -2302,11 +2302,15 @@
 	dns_rdatalist_init(dns64_rdatalist);
 	dns64_rdatalist->rdclass = dns_rdataclass_in;
 	dns64_rdatalist->type = dns_rdatatype_aaaa;
+#ifdef USE_CACHE_STORED_TTL
+	dns64_rdatalist->ttl = rdataset->base_ttl; #else
 	if (client->query.dns64_ttl != ISC_UINT32_MAX)
 		dns64_rdatalist->ttl = ISC_MIN(rdataset->ttl,
 					       client->query.dns64_ttl);
 	else
 		dns64_rdatalist->ttl = ISC_MIN(rdataset->ttl, 600);
+#endif
 
 	if (RECURSIONOK(client))
 		flags |= DNS_DNS64_RECURSIVE;
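Review bot: The new assignment `dns64_rdatalist->ttl = rdataset->base_ttl;` drops both bounds that the `#else` branch keeps — the negative-cache TTL held in `client->query.dns64_ttl` and the 600-second cap — so the synthesized AAAA can be handed out with the A record's full original TTL; the same unbounded assignment recurs in the @@ -7510 hunk. A bounded form that keeps the feature's intent is `dns64_rdatalist->ttl = ISC_MIN(rdataset->base_ttl, client->query.dns64_ttl != ISC_UINT32_MAX ? client->query.dns64_ttl : 600);`. Note also that within this diff `base_ttl` is only taken from a positive record's own TTL in resolver.c; rdatasets that reach a database by any other path — zone loading through the second rbtdb.c addrdataset hunk, or `dns_rdatalist_tordataset`, which is not patched — appear to keep the zero that `dns_rdataset_init` assigns, so `rdataset->base_ttl` may legitimately be 0 here, in the SOA-minimum hunk (@@ -5456) and in the rdataset.c towire hunk. The enclosing function begins and ends outside this hunk.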
@@ -2360,6 +2364,9 @@
 	result = dns_rdatalist_tordataset(dns64_rdatalist, dns64_rdataset);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup;
+#ifdef USE_CACHE_STORED_TTL
+	dns64_rdataset->base_ttl = rdataset->base_ttl; #endif
 	client->query.attributes |= NS_QUERYATTR_NOADDITIONAL;
 	dns64_rdataset->trust = rdataset->trust;
 	query_addrdataset(client, mname, dns64_rdataset);
@@ -5456,7 +5463,11 @@
 	dns_rdataset_current(&rdataset, &rdata);
 	result = dns_rdata_tostruct(&rdata, &soa, NULL);
 	RUNTIME_CHECK(result == ISC_R_SUCCESS);
+#ifdef USE_CACHE_STORED_TTL
+	ttl = ISC_MIN(rdataset.base_ttl, soa.minimum); #else
 	ttl = ISC_MIN(rdataset.ttl, soa.minimum);
+#endif
 
 cleanup:
 	if (dns_rdataset_isassociated(&rdataset))
@@ -6984,10 +6995,14 @@
 			 * decremented to zero or if there was no negative cache
 			 * ttl in the answer.
 			 */
+#ifdef USE_CACHE_STORED_TTL
+			client->query.dns64_ttl = rdataset->base_ttl; #else
 			if (rdataset->ttl != 0)
 				client->query.dns64_ttl = rdataset->ttl;
 			else if (dns_rdataset_first(rdataset) == ISC_R_SUCCESS)
 				client->query.dns64_ttl = 0;
+#endif
 			query_releasename(client, &fname);
 			dns_db_detachnode(db, &node);
 			rdataset = NULL;
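Review bot: Under USE_CACHE_STORED_TTL the unconditional `client->query.dns64_ttl = rdataset->base_ttl;` removes the distinction the retained comment just above it describes — a TTL that was decremented to zero versus an answer that carried no negative-cache TTL at all (`dns_rdataset_first` succeeding) — yet the comment stays, so it now documents code that is compiled out. Either keep the second branch alongside the new assignment, `else if (dns_rdataset_first(rdataset) == ISC_R_SUCCESS) client->query.dns64_ttl = 0;`, or reword the comment to say the stored TTL is used as-is. The enclosing function starts and ends outside this hunk.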
@@ -7510,7 +7525,11 @@
 			 */
 			client->query.dns64_aaaa = rdataset;
 			client->query.dns64_sigaaaa = sigrdataset;
+#ifdef USE_CACHE_STORED_TTL
+			client->query.dns64_ttl = rdataset->base_ttl; #else
 			client->query.dns64_ttl = rdataset->ttl;
+#endif
 			query_releasename(client, &fname);
 			dns_db_detachnode(db, &node);
 			rdataset = NULL;
diff -Nur bind-9.9.9-P2/config.h.in bind-9.9.9-P2-ttl/config.h.in
--- bind-9.9.9-P2/config.h.in	2016-07-14 08:54:33.000000000 +0900
+++ bind-9.9.9-P2-ttl/config.h.in	2016-07-27 08:35:55.669404673 +0900
@@ -159,6 +159,9 @@
 /* Define to enable the "filter-aaaa-on-v4" option. */
 #undef ALLOW_FILTER_AAAA_ON_V4
 
+/* Define to enable the "cache-ttl" option. */ #undef 
+USE_CACHE_STORED_TTL
+
 /* define if ATF unit tests are to be built. */
 #undef ATF_TEST
 
diff -Nur bind-9.9.9-P2/configure bind-9.9.9-P2-ttl/configure
--- bind-9.9.9-P2/configure	2016-07-14 08:54:33.000000000 +0900
+++ bind-9.9.9-P2-ttl/configure	2016-07-27 08:33:08.743618406 +0900
@@ -1024,6 +1024,7 @@
 with_dlz_stub
 with_make_clean
 enable_full_report
+enable_cache_ttl
 '
       ac_precious_vars='build_alias
 host_alias
@@ -1690,6 +1691,7 @@
 			  [default=no]
   --enable-querytrace     enable very verbose query trace logging [default=no]
   --enable-full-report	  report values of all configure options
+  --enable-cache-ttl	  use response a stored cache ttl [default=no]
 
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
@@ -11442,6 +11444,7 @@
 	test "${enable_fetchlimit+set}" = set || enable_fetchlimit=yes
 	test "${enable_warn_error+set}" = set || enable_warn_error=yes
 	test "${enable_warn_shadow+set}" = set || enable_warn_shadow=yes
+	test "${enable_cache_ttl+set}" = set || enable_cache_ttl=yes
 	;;
 esac
 #
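Review bot: `test "${enable_cache_ttl+set}" = set || enable_cache_ttl=yes` turns the stored-TTL behaviour on by default whenever this case branch is taken, although the help text added in the @@ -1690 hunk advertises `[default=no]`; the case header is outside the hunk, but the neighbouring fetchlimit/warn_error/warn_shadow defaults suggest a developer-options block, which is an odd place to flip on-wire TTL semantics. If the option is meant to be opt-in everywhere, drop this line; otherwise change the help text to match. The help string itself, `use response a stored cache ttl`, would read more clearly as `return the stored (original) TTL in responses`.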
@@ -13211,6 +13214,26 @@
 
 
 #
+# check if we want Stored Cache TTL
+#
+# Check whether --enable-cache-ttl was given.
+if test "${enable_cache_ttl+set}" = set; then :
+  enableval=$enable_cache_ttl;
+fi
+
+case "$enable_cache_ttl" in
+yes)
+
+$as_echo "#define USE_CACHE_STORED_TTL 1" >>confdefs.h
+
+	;;
+*)
+	;;
+esac
+
+
+
+#
 # check if we have kqueue
 #
 # Check whether --enable-kqueue was given.
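Review bot: The `# Check whether --enable-cache-ttl was given.` block is the autoconf expansion of `AC_ARG_ENABLE`, hand-inserted into the generated `configure` script, and the diff carries no matching change to the autoconf input (`configure.ac`/`configure.in`), just as `config.h.in` is edited directly rather than through autoheader; the option disappears the next time the build system is regenerated. The source change belongs in the autoconf input — an `AC_ARG_ENABLE(cache-ttl, ...)` whose `yes` case carries the `AC_DEFINE` — with `configure` and `config.h.in` regenerated from it. The empty `*)` arm is fine since the C side keys off the macro's presence, but a one-line comment saying so would save the next reader the question.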
@@ -23531,6 +23554,8 @@
 test "$want_querytrace" = "yes" && \
     echo "    Very verbose query trace logging (--enable-querytrace)"
 test "$atf" = "no" || echo "    Automated Testing Framework (--with-atf)"
+test "$enable_cache_ttl" = "yes" && \
+    echo "    Stored cache TTL (--enable-cacht-ttl)"
 
 # these lines are only printed if run with --enable-full-report
 if test "$enable_full_report" = "yes"; then
@@ -23590,6 +23615,8 @@
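Review bot: The option name is misspelled `cacht` twice: in the echo string here, `echo "    Stored cache TTL (--enable-cacht-ttl)"`, and, more seriously, in the variable tested in the @@ -23590 hunk, `test "$enable_cacht_ttl" = "yes" || \`, where the never-set variable makes the `||` branch always true, so the full report lists the feature as disabled even when it was enabled. Both should read `cache`: `echo "    Stored cache TTL (--enable-cache-ttl)"` and `test "$enable_cache_ttl" = "yes" || \`.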
     echo "    ECDSA algorithm support (--with-ecdsa)"
 test "X$PYTHON" = "X" && echo "    Python tools (--with-python)"
 test "X$libxml2_libs" = "X" && echo "    XML statistics (--with-libxml2)"
+test "$enable_cacht_ttl" = "yes" || \
+    echo "    Stored cache TTL (--enable-cache-ttl)"
 
 if test "X$ac_unrecognized_opts" != "X"; then
     echo
diff -Nur bind-9.9.9-P2/lib/dns/include/dns/rdataset.h bind-9.9.9-P2-ttl/lib/dns/include/dns/rdataset.h
--- bind-9.9.9-P2/lib/dns/include/dns/rdataset.h	2016-07-14 08:54:33.000000000 +0900
+++ bind-9.9.9-P2-ttl/lib/dns/include/dns/rdataset.h	2016-07-27 08:33:28.849073731 +0900
@@ -137,6 +137,9 @@
 	dns_rdataclass_t		rdclass;
 	dns_rdatatype_t			type;
 	dns_ttl_t			ttl;
+#ifdef USE_CACHE_STORED_TTL
+	dns_ttl_t			base_ttl;
+#endif
 	dns_trust_t			trust;
 	dns_rdatatype_t			covers;
 	/*
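Review bot: The new `base_ttl` member is undocumented and is added under `#ifdef` to a public struct, so the layout and `sizeof (dns_rdataset_t)` differ between builds configured with and without `--enable-cache-ttl`; anything compiled against the header with the other setting reads the wrong offsets for `trust` and every later field. A comment above the field should state what it holds and how it differs from `ttl`, e.g. `/* TTL as stored at cache insertion (USE_CACHE_STORED_TTL); unlike 'ttl', not adjusted for time spent in the cache. */`. The same applies to the `rdatasetheader_t` field added in the rbtdb.c @@ -342 hunk. Declaring the field unconditionally and making only its uses conditional would keep the ABI stable across configurations.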
diff -Nur bind-9.9.9-P2/lib/dns/rbtdb.c bind-9.9.9-P2-ttl/lib/dns/rbtdb.c
--- bind-9.9.9-P2/lib/dns/rbtdb.c	2016-07-14 08:54:33.000000000 +0900
+++ bind-9.9.9-P2-ttl/lib/dns/rbtdb.c	2016-07-27 08:33:49.981554223 +0900
@@ -342,6 +342,9 @@
 	 */
 	rbtdb_serial_t                  serial;
 	dns_ttl_t                       rdh_ttl;
+#ifdef USE_CACHE_STORED_TTL
+	dns_ttl_t                       base_ttl;
+#endif
 	rbtdb_rdatatype_t               type;
 	isc_uint16_t                    attributes;
 	dns_trust_t                     trust;
@@ -2948,6 +2951,9 @@
 	rdataset->type = RBTDB_RDATATYPE_BASE(header->type);
 	rdataset->covers = RBTDB_RDATATYPE_EXT(header->type);
 	rdataset->ttl = header->rdh_ttl - now;
+#ifdef USE_CACHE_STORED_TTL
+	rdataset->base_ttl = header->base_ttl; #endif
 	rdataset->trust = header->trust;
 	if (NEGATIVE(header))
 		rdataset->attributes |= DNS_RDATASETATTR_NEGATIVE;
@@ -6676,6 +6682,13 @@
 	newheader = (rdatasetheader_t *)region.base;
 	init_rdataset(rbtdb, newheader);
 	set_ttl(rbtdb, newheader, rdataset->ttl + now);
+#ifdef USE_CACHE_STORED_TTL
+	if (rdataset->type==0) { // ncache for dns64
+		newheader->base_ttl = rdataset->ttl;
+	} else {
+		newheader->base_ttl = rdataset->base_ttl;
+	}
+#endif
 	newheader->type = RBTDB_RDATATYPE_VALUE(rdataset->type,
 						rdataset->covers);
 	newheader->attributes = 0;
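Review bot: `if (rdataset->type==0) { // ncache for dns64` relies on a bare 0 as the negative-cache sentinel and uses a `//` comment in a file whose surrounding comments are `/* */` blocks; `dns_rdatatype_none`, or whatever name this file already uses for the ncache type (not visible in the hunk), would state the intent, and the explanation belongs in a block comment. The identical seven-line block is repeated verbatim in the @@ -6862 hunk; a small `static` helper, or folding the choice into `init_rdataset`/`set_ttl`, would stop the two copies drifting apart. In that second copy, which does not add `now` to the TTL and so looks like the zone-load path, `rdataset->base_ttl` comes from whatever built the rdataset rather than from the resolver, and for loaded data it appears to remain at the zero `dns_rdataset_init` assigns — worth confirming before towire relies on it.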
@@ -6862,6 +6875,13 @@
 	newheader = (rdatasetheader_t *)region.base;
 	init_rdataset(rbtdb, newheader);
 	set_ttl(rbtdb, newheader, rdataset->ttl);
+#ifdef USE_CACHE_STORED_TTL
+	if (rdataset->type==0) { // ncache for dns64
+		newheader->base_ttl = rdataset->ttl;
+	} else {
+		newheader->base_ttl = rdataset->base_ttl;
+	}
+#endif
 	newheader->type = RBTDB_RDATATYPE_VALUE(rdataset->type,
 						rdataset->covers);
 	newheader->attributes = 0;
diff -Nur bind-9.9.9-P2/lib/dns/rdataset.c bind-9.9.9-P2-ttl/lib/dns/rdataset.c
--- bind-9.9.9-P2/lib/dns/rdataset.c	2016-07-14 08:54:33.000000000 +0900
+++ bind-9.9.9-P2-ttl/lib/dns/rdataset.c	2016-07-27 10:49:36.011035374 +0900
@@ -70,6 +70,9 @@
 	rdataset->rdclass = 0;
 	rdataset->type = 0;
 	rdataset->ttl = 0;
+#ifdef USE_CACHE_STORED_TTL
+	rdataset->base_ttl = 0;
+#endif
 	rdataset->trust = 0;
 	rdataset->covers = 0;
 	rdataset->attributes = 0;
@@ -99,6 +102,9 @@
 	rdataset->rdclass = 0;
 	rdataset->type = 0;
 	rdataset->ttl = 0;
+#ifdef USE_CACHE_STORED_TTL
+	rdataset->base_ttl = 0;
+#endif
 	rdataset->trust = 0;
 	rdataset->covers = 0;
 	rdataset->attributes = 0;
@@ -126,6 +132,9 @@
 	rdataset->rdclass = 0;
 	rdataset->type = 0;
 	rdataset->ttl = 0;
+#ifdef USE_CACHE_STORED_TTL
+	rdataset->base_ttl = 0;
+#endif
 	rdataset->trust = 0;
 	rdataset->covers = 0;
 	rdataset->attributes = 0;
@@ -488,7 +497,15 @@
 		isc_buffer_putuint16(target, rdataset->type);
 		isc_buffer_putuint16(target, rdataset->rdclass);
 		if (!question) {
+#ifdef USE_CACHE_STORED_TTL
+			if (rdataset->type==dns_rdatatype_a || rdataset->type==dns_rdatatype_aaaa) {
+				isc_buffer_putuint32(target, rdataset->base_ttl);
+			} else {
+				isc_buffer_putuint32(target, rdataset->ttl);
+			}
+#else
 			isc_buffer_putuint32(target, rdataset->ttl);
+#endif
 
 			/*
 			 * Save space for rdlen.
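Review bot: Emitting `rdataset->base_ttl` for A and AAAA answers sends the TTL as it stood when the record entered the cache, regardless of how much of it has elapsed, so a client that receives the answer just before the resolver's copy expires can keep using the address for almost a full TTL after the resolver itself has stopped serving it; that roughly doubles the window in which a changed or withdrawn address stays in use, which is precisely what the owner's TTL is meant to bound. The special case also covers only two types, so a CNAME or NS in the same message carries the decremented `ttl` while the A/AAAA beside it carries the original value — an inconsistency within a single response. If the goal is to dampen client re-query bursts, consider bounding how far the advertised value may exceed the remaining `rdataset->ttl` rather than replacing it, and apply whatever rule is chosen to all types; at minimum the branch needs a comment such as `/* Deliberately advertise the stored (undecremented) TTL for address records. */` so the behaviour is not mistaken for a bug.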
diff -Nur bind-9.9.9-P2/lib/dns/resolver.c bind-9.9.9-P2-ttl/lib/dns/resolver.c
--- bind-9.9.9-P2/lib/dns/resolver.c	2016-07-14 08:54:33.000000000 +0900
+++ bind-9.9.9-P2-ttl/lib/dns/resolver.c	2016-07-27 10:46:42.692031770 +0900
@@ -5119,6 +5119,13 @@
 		if (rdataset->ttl > res->view->maxcachettl)
 			rdataset->ttl = res->view->maxcachettl;
 
+#ifdef USE_CACHE_STORED_TTL
+		/*
+		 * Save a stored cache TTL.
+		 */
+		rdataset->base_ttl = rdataset->ttl;
+
+#endif
 		/*
 		 * Find the SIG for this rdataset, if we have it.
 		 */
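Review bot: The comment `Save a stored cache TTL.` does not say what is saved or why this is the right place; since this is the only point in the diff where a positive answer's `base_ttl` is derived from its own TTL, and it runs after the `maxcachettl` clamp, the comment should record both facts, e.g. `/* Remember the TTL as it will be stored (already clamped to maxcachettl); consumers built with USE_CACHE_STORED_TTL return this value undecremented. */`. The stray blank line before `#endif` can go. The enclosing function begins and ends outside this hunk.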